An Investment in Backups May be the Only Way to Keep Your Data

During the second and third quarters of 2020, the number of ransomware attacks within the education sector rose by 388%.

Many have heard that malicious cyber incidents in public schools — like staff data breaches, ransomware outbreaks, phishing attacks, and social engineering scams — drastically increased throughout the previous year, but this dramatic spike equates to a rate of more than two incidents per school day over the course of 2020, according to a report by the K-12 Cybersecurity Resource Center.

The education sector is one of the most targeted industries by ransomware attackers, forcing schools to face a challenging decision:

Invest in better security and backup precautions now, or suffer the consequences and hope to be able to afford the steep ransom and recovery costs if attacked.

Small Investment Today, or Major Unexpected Cost Tomorrow

The average total cost of recovery from a ransomware attack has more than doubled since last year, according to the global survey, The State of Ransomware 2021. It’s important to understand that the “sticker price” of paying the ransom (to obtain decryption keys) is only a small piece of the larger picture to recovering data, and there are other hidden costs and losses including:

  • Business interruption losses – average downtime is 21 days
  • Legal expenses – to determine what breach notification laws were triggered and how to notify victims
  • Reputational damage

When faced with this situation, for any organization, but especially for public schools, paying the ransom is not the best way out. Even if your organization decides to pay it, the chances of getting all your information back are very slim. The average ransomware payment is $170,404 and 92% of organizations do not get back all their data after paying.

The Only Option for a Full Recovery: Data Backups

“Despite all our efforts, it is a hard truth that network and security controls can fail,” says David Larson, Network Engineer at Livingston ESA and contributor to “Essential Cyber Security Best Practices for K12,” published by Michigan Education Technology Leaders (METL). In the event of an attack, restoring data from backups may be the only solution.

Top 4 Steps to Achieving an Optimal Data Security Structure:

  1. DESIGN a robust backup procedure — utilize the 3-2-1 rule
  2. INVEST in necessary backup technologies
  3. MONITOR backup procedures on a regular basis
  4. TEST backup recoveries on a regular basis and simulate disaster incidents
If Precautions Fail, Contact SET SEG!

Organizations targeted by a cyberattack must act quickly to report the incident and deploy the data restoration process. Develop a cyber incident response plan, educate your staff, and be prepared to contact SET SEG.

For more resources on cyber security, visit setseg.org/cyber.